Same as the OIDC changes we merged yesterday, this makes the frontend
ready for disabling SAML configuration page, if the SAML_ environment
variables are set.
---------
Co-authored-by: Nuno Góis <github@nunogois.com>
What the title says. There are input values that are whitespace
sensitive, so this will trim clientId and entity field, preventing the
form from sending leading or trailing whitespace. Will make a PR on
enterprise as well to trim on the backend as well.
- Adds support for the configuration option for SCIM taking over control
of users and groups
- Moves SCIM settings into SSO config pages (OIDC and SAML). SCIM
registers a callback to be invoked when saving in a parent SSO config
page
This improves the role resolution in the value of the default root role,
preventing a bug where settings saved
pre-https://github.com/Unleash/unleash/pull/5887 would show an empty
default root role in the dropdown.
Also makes the role update more robust.
https://linear.app/unleash/issue/2-1071/prevent-users-from-disabling-password-authentication-when-there-are-no
Improves the behavior of disabling password based login by adding some
relevant information and a confirmation dialog with a warning. This felt
better than trying to disable the toggle, by still allowing the end
users to make the decision, except now it should be a properly informed
decision with confirmation.
- **Password based administrators**: Admin accounts that have a password
set;
- **Other administrators**: Other admin users that do not have a
password. May be SSO, but may also be users that did not set a password
yet;
- **Admin service accounts**: Service accounts that have the admin root
role. Depending on how you're using the SA this may not necessarily mean
locking yourself out of an admin account, especially if you secured its
token beforehand;
- **Admin API tokens**: Similar to the above. If you secured an admin
API token beforehand, you still have access to all features through the
API;
Each one of them link to the respective page inside Unleash (e.g. users
page, service accounts page, tokens page...);
If you try to disable and press "save", and only in that scenario, you
are presented with the following confirmation dialog:
We've had requests from customers that use RS512 as the default signing
algorithm in their OIDC server deployment. This PR adds that as a config
variable to the OIDC form.
Removes feature flags for syncing sso groups and clone environment.
These features are being made generally available for all who have
access to environments and sso groups
* refactor: format files
* refactor: add missing RE UI config flag
* refactor: port admin auth index to TS/SWR
* refactor: port GoogleAuth to TS/SWR
* refactor: port OidcAuth to TS/SWR
* refactor: port SamlAuth to TS/SWR
* refactor: remove unused e-admin-auth store
* refactor: make AutoCreateForm an explicit export
* refactor: improve auth settings dir structure
* refactor: destructure authenticationType from uiConfig
* refactor: use setToastApiError to show errors
* refactor: format files
* refactor: remove invalid string fields from requests
Co-authored-by: Fredrik Strand Oseberg <fredrik.no@gmail.com>
